shining_armorfandomcom-20200214-history
MediaWiki talk:ChatTags/code.js
ChatTags Image Shouldn't it be chatags.css = '.chatags-image{max-width:300px;max-height:300px;}'; and not chatags.css = '.chatags-image{max-width:300px;max-width:300px;}'; ? I can't personally see the point of two max-width parameters :P Probably should've mentioned that you'll also need to specify height:auto;width:auto to allow images to keep their aspect ratios. Somehow works fine without it :s ~PlasmoidThunder : This has been fixed and is present in the current live version of the script. : ᐃᓐᓂᕈᖅᑐᖅ 10:58, December 31, 2015 (UTC) Other Junk The input field tags like font don't accept fonts with spaces in their names, meaning fonts such as 'comic sans ms' do not work. I don't know enough about javascript to know how to fix that one, but in the original version of the script, it worked fine. It would be nice to be able to alter the maximum size for images and the embedded YouTube player, as the current sizes are far too big, especially for those who don't view the chat in fullscreen mode. An option to alter the tags themselves in a similar manner to how one would add new ones would be most appreciated, as users who are accustomed to the BBCode of forums would be thrown by the unusualness of the img and yt tags (forums typically use img/img, not img; same with youtube/youtube over yt). Lastly, because more often than not the image posted in the chat will appear smaller than it's supposed to be, it'd be nice if clicking on the image opened the full version of it in a new tab. ~PlasmoidThunder : I am quite aware of all of these issues but it is important to remember that this parser is merely an interim parser written to keep people happy whilst I polish off the new parser. This parser in its entirety was written in a mere hour and has done a good job of holding people over for the time being. : It is actually possible to edit these sizes with the use of CSS as that's the only thing that is dictating the sizes of the images. With a few simple rules and some !importants you can most certainly fix this issue on a per wiki basis. : Furthermore you can alter the built-in tags by changing the value of their object. Simply define a new tag with the same name as the one you want to replace and it will, in fact, replace the old one. : Finally, I am aware that the parser is not using true BBCode but instead some BBCode-like mark-up language but for right now it serves its purpose just fine. In the future, as in the next version, the parser will parse tags as you would expect them and will be, for the most part, compliant in the BBCode standard. Though, it will not be called ChatTags but will instead be called BBfy so as not to confuse people about the two major versions. Both scripts will remain usable for a year and then slowly BBfy will replace ChatTags. : ᐃᓐᓂᕈᖅᑐᖅ 10:57, December 31, 2015 (UTC) :: In regards to the second and third paragraphs, that's what I thought; in fact, that's what I did, but the javascript revision was rejected. ::~PlasmoidThunder ::: That's because your script revision was insecure. It opens up a security hole where you can inject any type of malicious code. ::: ᐃᓐᓂᕈᖅᑐᖅ 12:42, December 31, 2015 (UTC) :::: Oh? How so? :::: ~PlasmoidThunder ::::: If you are not able to follow through your code and figure that out then you should not be writing code like this. There are very serious risks involved in code like this and they need to be taken into consideration every time you extend or modify this script. Failure to do so opens up your users and yourself to malicious code and account hijacking. This is also one of the main reasons for the security review process, it is to stop both malicious people from injecting malicious code and to stop unaware people from adding code that puts their users at risk without knowing it. ::::: There is also one more serious issue with your code and that lies in the way you are handling images and YouTube videos. First of all the way you are handling YouTube embeds is extremely insecure as you are not at all validating the input. Instead you are sticking it between two HTML fragments without escaping anything. This opens up your users to the dangers stated above. ::::: The next issue is with the way images are handled. When posting a link to chat, whether that be an image or otherwise, it is put inside of an anchor tag already. The current parser is not equipped to clean and parse chat tags with anchor elements within tags. Trying to do this will just break the parser and it will return unparsed or partially parsed strings. This is something that I can't really address with this parser. ::::: Either which way I recommend that you educate yourself on both JavaScript, HTML, and XSS this way you can safely extend the parser. ::::: ᐃᓐᓂᕈᖅᑐᖅ 16:14, December 31, 2015 (UTC) :::::: Yeah, I had a feeling it was my alterations to the img and yt tags, so thank you for actually confirming that. I am indeed educated on HTML, but have very limited javascript knowledge and XSS is unknown to me, though I can read javascript and understand what does what; that said, I would have appreciated a response like this days ago that actually detailed what was wrong with my revisions instead of just 'converting to secure script' and 'no, that won't work'. :::::: Guess I'll just disable img/yt tags and add back in the original greentext and spoiler tags that were lost during the transition over to the new script; they're just text styling, so there's surely nothing unsafe about those two. :::::: ~PlasmoidThunder Question Question. How do I get the Video Tag to work on chat. the way it's presented in the code is rather confusing. Alissa the Wise Wolf (talk) 05:55, March 14, 2016 (UTC)